[AccessD] OT: DSL/IIS/Viruses

Mwp.Reid at Queens-Belfast.AC.UK Mwp.Reid at Queens-Belfast.AC.UK
Fri May 23 10:12:17 CDT 2003


Jim

You run a web server at home, you're always at risk of hacking attempts. Put 
up a decent firewall.

I have IIS running on a server here but it's not connected to the web. Doesn't 
matter for dev work at all. I connect as and when I need to. Other than 
that I leave the server off the modems.



Martin


On May 23 2003, Jim DeMarco wrote:

> What about running it on another machine on my (wireless) network that's 
> not directly connected to my DSL modem but has Internet access via that 
> connection? Is that any safer?
> 
> Jim DeMarco
> 
> 
> -----Original Message-----
> From: Frank Tanner III [mailto:pctech at mybellybutton.com]
> Sent: Friday, May 23, 2003 9:29 AM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] OT: DSL/IIS/Viruses
> 
> 
> Personally, I wouldn't run ANY publicly accessible
> services on my LAN.  There is a MUCH safer way to do
> it, but it isn't super cheap.
> 
> I have a custom built firewall, which I run at home. 
> The "public" side of it connects directly to my
> Internet connection, in this case a 1Mbit VDSL
> connection.  Then I have a "private" side, which
> connects to my LAN, and has my strict firewall rules. 
> Only what I want gets in and out.  Lastly, I have a
> "DMZ".  This is where I place my publicly accessible
> machines.  It is still firewalled, but not as
> stringently as the LAN side, since the public needs to
> hit it.  Even in this DMZ I only let through the ports
> I absolutely need to.  Such as 80 & 443 for Web, 25 &
> 110 for e-mail, etc.  My LAN is also firewalled from
> my DMZ in this configuration except for what's
> absolutely needed.
> 
> In this configuration, unless I specifically open an
> e-mail with a virus attached, or something silly like
> that, I'm about as safe as one can get from "the big
> bad Internet".  The worst that can happen is that
> there is an exploit for one of my publicly accessible
> boxes and they get compromised.  My LAN is still safe.
> 
> As a side note, my firewall, web server, and e-mail
> server are all running Linux or FreeBSD.  This makes
> them less susceptible to all of the more common
> attacks that the "script kiddies" like to use.  About
> 80% of the attacks and defacements on publicly
> accessible servers are done by "script kiddies".  An
> added benefit is that IIS specific exploits have no
> effect other than to fill my logs, which archive and
> rotate off daily.
> 
> Is this a bit excessive, since I don't run a business
> out of my home?  Yeah, it is.  But there's no such
> thing as too much security.
> 
> --- John Frederick <j.frederick at att.net> wrote:
> > Yes, it is necessary.  When I started doing .asp on
> > the same machine I used
> > to dial-up to get email, I got, over some period of
> > time, about a dozen
> > different viruses, some of which propagated through
> > my lan to other
> > machines.  If you can't block the access from the
> > net to your machines, you
> > need to either use a firewall or disconnect the pws
> > machine from the lan.
> > 
> > P.S.: If you put firewalls, such as Norton or McAfee
> > on your machines, you
> > can ask to be warned and have a chance to say ok or
> > no when a program tries
> > to access another machine or the net.  You'll be
> > amazed about how many
> > Microsoft and other vendor programs do so for no
> > reason related to your
> > current operation in progress.  If you're not
> > already paranoid, that will
> > make you so.
> > 
> > -----Original Message-----
> > From: accessd-bounces at databaseadvisors.com
> > [mailto:accessd-bounces at databaseadvisors.com]On
> > Behalf Of Jim DeMarco
> > Sent: Friday, May 23, 2003 8:03 AM
> > To: AccessD (E-mail)
> > Subject: [AccessD] OT: DSL/IIS/Viruses
> > 
> > 
> > List,
> > 
> > A while back I got a DSL connection on my home
> > office PC which I
> > occasionally use for web development using Personal
> > Web Server (Win 9x/ME
> > version of IIS).  I was advised by our staff network
> > person NOT to run PWS
> > after the DSL was up because I'd be susceptible to
> > attacks and viruses.
> > Does anyone know if this is true?  I have not run
> > PWS in a couple of months
> > and have been using a disconnected laptop to write
> > ASP code but I'm
> > wondering if this is necessary.  Would I need to
> > install a firewall if I
> > want to run PWS?
> > 
> > Thanks,
> > 
> > Jim DeMarco
> > 
> > 
> >
> > ***********************************************************************************
> > "This electronic message is intended to be for the
> > use only of the named
> > recipient, and may contain information from Hudson
> > Health Plan (HHP) that is
> > confidential or privileged.  If you are not the
> > intended recipient, you are
> > hereby notified that any disclosure, copying,
> > distribution or use of the
> > contents of this message is strictly prohibited.  If
> > you have received this
> > message in error or are not the named recipient,
> > please notify us
> > immediately, either by contacting the sender at the
> > electronic mail address
> > noted above or calling HHP at (914) 631-1611. If you
> > are not the intended
> > recipient, please do not forward this email to
> > anyone, and delete and
> > destroy all copies of this message.  Thank You".
> >
> > ***********************************************************************************
> > 
> > _______________________________________________
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> 
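
The three-zone layout described in Frank Tanner's quoted message (public side, DMZ, LAN), as an added example that is not part of the original thread: a first-match, default-deny policy model that audits whether a rule set still keeps the LAN unreachable from the Internet and the DMZ. Zone names, the rule format, the LAN-side rules and the empty ceilings are assumptions; only ports 80, 443, 25 and 110 come from the post, and the model covers new connections only.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str             # zone a new connection starts in
    dst: str             # zone it is addressed to
    port: Optional[int]  # destination port; None matches every port
    action: str          # "allow" or "deny"

ALL_PORTS = range(1, 65536)

# Most exposure each less-trusted -> more-trusted path may have.
# The post names only the wan->dmz ports; the empty sets are assumptions.
CEILING = {
    ("wan", "dmz"): {80, 443, 25, 110},
    ("wan", "lan"): set(),
    ("dmz", "lan"): set(),
}

def decide(policy, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in policy:
        if (r.src, r.dst) == (src, dst) and r.port in (None, port):
            return r.action
    return "deny"

def open_ports(policy, src, dst):
    """Every destination port on which src may open a connection to dst."""
    return {p for p in ALL_PORTS if decide(policy, src, dst, p) == "allow"}

def audit(policy):
    """Map each zone pair to the ports it exposes beyond its ceiling."""
    findings = {}
    for (src, dst), allowed in CEILING.items():
        extra = open_ports(policy, src, dst) - allowed
        if extra:
            findings[(src, dst)] = extra
    return findings

# Constructed policy following the post's description.
GOOD = [Rule("wan", "dmz", p, "allow") for p in (80, 443, 25, 110)] + [
    Rule("lan", "wan", 80, "allow"),   # assumed LAN outbound allowances
    Rule("lan", "wan", 443, "allow"),
    Rule("lan", "dmz", 22, "allow"),   # assumed: admin access from the LAN
]
# Constructed drift: a catch-all for a backup job plus a remote-desktop port.
DRIFTED = GOOD + [Rule("dmz", "lan", None, "allow"),
                  Rule("wan", "dmz", 3389, "allow")]

if __name__ == "__main__":
    for name, policy in (("good", GOOD), ("drifted", DRIFTED)):
        found = {pair: len(ports) for pair, ports in audit(policy).items()}
        print(name, found or "isolation holds")
```

The drifted rule set shows the failure mode that matters here: one catch-all DMZ-to-LAN rule removes the guarantee that a compromised public box leaves the LAN safe.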

